PERFORCE change 109950 for review

Todd Miller millert at FreeBSD.org
Tue Nov 14 18:27:50 UTC 2006 

http://perforce.freebsd.org/chv.cgi?CH=109950

Change 109950 by millert at millert_g5tower on 2006/11/14 18:27:13

	Remove mac_enforce toggle

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#4 (text+ko) ====

@@ -44,15 +44,9 @@
 #include <sys/vnode_internal.h>
 #include <sys/file.h>
 #include <sys/file_internal.h>
-#include <sys/sysctl.h>
 
 #include <security/mac_internal.h>
 
-static int	mac_enforce_file = 1;
-SYSCTL_INT(_security_mac, OID_AUTO, enforce_file, CTLFLAG_RW,
-    &mac_enforce_file, 0, "Enforce MAC policy on file descriptors");
-TUNABLE_INT("security.mac.enforce_file", &mac_enforce_file);
-
 static struct label *
 mac_file_label_alloc(void)
 {
@@ -98,8 +92,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_create, cred);
 	return (error);
 }
@@ -109,8 +101,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_dup, cred, fg, fg->fg_label, newfd);
 	return (error);
 }
@@ -130,8 +120,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_ioctl, cred, fg, fg->fg_label, cmd, data);
 	return (error);
 }
@@ -141,8 +129,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_inherit, cred, fg, fg->fg_label);
 	return (error);
 }
@@ -152,8 +138,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_receive, cred, fg, fg->fg_label);
 	return (error);
 }
@@ -164,8 +148,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_get_flags, cred, fg, fg->fg_label, flags);
 	return (error);
 }
@@ -176,8 +158,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_get_ofileflags, cred, fg, fg->fg_label, flags);
 	return (error);
 }
@@ -188,8 +168,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_change_flags, cred, fg, fg->fg_label, oldflags,
 	    newflags);
 	return (error);
@@ -201,8 +179,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_change_ofileflags, cred, fg, fg->fg_label,
 	    oldflags, newflags);
 	return (error);
@@ -213,8 +189,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_get_offset, cred, fg, fg->fg_label);
 	return (error);
 }
@@ -224,8 +198,6 @@
 {
 	int error;
 
-	if (!mac_enforce_file)
-		return (0);
 	MAC_CHECK(file_check_change_offset, cred, fg, fg->fg_label);
 	return (error);
 }

More information about the trustedbsd-cvs mailing list